Unlang Condition Wrong Value !

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Aug 8 11:32:02 CEST 2011


On 8 Aug 2011, at 11:09, Suman Dash wrote:

> What i mean to say is that i am not using an integer to store the
> value as integer is limited to 32bit, Instead i am directly comparing
> output from sql query in Unlanf but it doesn't seems to work either.

Then no. AFAIK FreeRADIUS doesn't support arbitrary precision mathematics. In general performance is valued over completeness when it comes to things like unlang.

Here are some workarounds:

* You could store the result as a string and use an external utility to do the comparison.
* You could also try expr xlat, but i'm not sure if it supports arbitrary precision either.  
* If you're just doing an equality check, then just write the value to a string and do a straight string comparison.
* You could do the comparison in SQL and return a boolean value (i've used this as a workaround in the past).
* You could write an xlat wrapper around one of the arbitrary precision libraries.

-Arran


> 
> It returns false where it should be returning true.
> 
> Regards
> 
> On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>> 
>> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>> 
>>> So it is not possible to store values more than 32 bit in Tmp-Integer.
>>> How about direct sql statements in Unlang not involving the
>>> Tmp-Integer. It is also not working in my scenario.
>>> 
>> 
>> You mean a comparison of two integers from two SQL statements?
>> 
>>> Attached is the logs.
>> 
>> More useful would be the config...
>> 
>> -Arran
>> 
>>> 
>>> 
>>> Going to the next request
>>> Ready to process requests.
>>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
>>> id=55, length=132
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        NAS-Port = 60
>>>        NAS-Port-Type = Ethernet
>>>        User-Name = "10021"
>>>        Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>>        Called-Station-Id = "Internet"
>>>        NAS-Port-Id = "LAN"
>>>        User-Password = "10021"
>>>        NAS-Identifier = "NTL.XXXXX"
>>>        NAS-IP-Address = xxx.xx.xx.xx
>>> # Executing section authorize from file /etc/freeradius/sites-enabled/default
>>> +- entering group authorize {...}
>>> ++[preprocess] returns ok
>>> ++[chap] returns noop
>>> ++[mschap] returns noop
>>> ++[digest] returns noop
>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>> [suffix] No such realm "NULL"
>>> ++[suffix] returns noop
>>> [eap] No EAP-Message, not doing EAP
>>> ++[eap] returns noop
>>> [files] users: Matched entry DEFAULT at line 172
>>> ++[files] returns ok
>>> [sql]   expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> rlm_sql (sql): Reserving sql socket id: 1
>>> [sql]   expand: SELECT id, username, attribute, value, op
>>> FROM tbl_check           WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_check           WHERE username = '10021'           ORDER BY
>>> id
>>> [sql] User found in radcheck table
>>> [sql]   expand: SELECT id, username, attribute, value, op
>>> FROM tbl_reply           WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_reply           WHERE username = '10021'           ORDER BY
>>> id
>>> [sql]   expand: SELECT groupname           FROM tbl_usergroup
>>> WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
>>> SELECT groupname           FROM tbl_usergroup           WHERE username
>>> = '10021'           ORDER BY priority
>>> [sql]   expand: SELECT id, groupname, attribute,           Value, op
>>>        FROM tbl_groupcheck           WHERE groupname = '%{Sql-Group}'
>>>          ORDER BY id -> SELECT id, groupname, attribute,
>>> Value, op           FROM tbl_groupcheck           WHERE groupname =
>>> 'TEST-10G'           ORDER BY id
>>> [sql] User found in group TEST-10G
>>> [sql]   expand: SELECT id, groupname, attribute,           value, op
>>>        FROM tbl_groupreply           WHERE groupname = '%{Sql-Group}'
>>>          ORDER BY id -> SELECT id, groupname, attribute,
>>> value, op           FROM tbl_groupreply           WHERE groupname =
>>> 'TEST-10G'           ORDER BY id
>>> rlm_sql (sql): Released sql socket id: 1
>>> ++[sql] returns ok
>>> rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>>> rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>>> ++[checkval] returns ok
>>> [expiration] Checking Expiration time: '1 Sep 2011'
>>> ++[expiration] returns ok
>>> ++[logintime] returns noop
>>> ++[pap] returns updated
>>> Found Auth-Type = PAP
>>> # Executing group from file /etc/freeradius/sites-enabled/default
>>> +- entering group PAP {...}
>>> [pap] login attempt with password "xxxxx"
>>> [pap] Using CRYPT password "Wh1vvjSX72NI6"
>>> [pap] User authenticated successfully
>>> ++[pap] returns ok
>>> # Executing section session from file /etc/freeradius/sites-enabled/default
>>> +- entering group session {...}
>>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>>> /var/log/freeradius/radutmp
>>> [radutmp]       expand: %{User-Name} -> 10021
>>> ++[radutmp] returns ok
>>> # Executing section post-auth from file /etc/freeradius/sites-enabled/default
>>> +- entering group post-auth {...}
>>> [sql]   expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> [sql]   expand: %{User-Password} -> xxxxx
>>> [sql]   expand: INSERT INTO tbl_postauth
>>> (username, pass, reply, authdate)                           VALUES (
>>>                        '%{User-Name}',
>>> '%{%{User-Password}:-%{Chap-Password}}',
>>> '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth
>>>             (username, pass, reply, authdate)
>>>  VALUES (                           '10021',
>>> '10021',                           'Access-Accept', '2011-08-08
>>> 01:31:49')
>>> rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth
>>>                    (username, pass, reply, authdate)
>>>         VALUES (                           '10021',
>>>        '10021',                           'Access-Accept',
>>> '2011-08-08 01:31:49')
>>> rlm_sql (sql): Reserving sql socket id: 0
>>> rlm_sql (sql): Released sql socket id: 0
>>> ++[sql] returns ok
>>> ++? if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
>>> tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>> WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>> FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) =
>>> MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}")
>>> sql_xlat
>>>        expand: %{User-Name} -> 10021
>>> sql_set_user escaped user --> '10021'
>>>        expand: SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
>>> tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>               WHERE tbl_usergroup.username = '%{User-Name}' -> SELECT
>>> tbl_groupcheck.value from tbl_groupcheck
>>>               JOIN tbl_usergroup on tbl_groupcheck.groupname =
>>> tbl_usergroup.groupname WHERE tbl_usergroup.username = '10021'
>>> rlm_sql (sql): Reserving sql socket id: 4
>>> sql_xlat finished
>>> rlm_sql (sql): Released sql socket id: 4
>>>        expand: %{sql:SELECT tbl_groupcheck.value from tbl_groupcheck
>>> JOIN tbl_usergroup on tbl_groupcheck.groupname =
>>> tbl_usergroup.groupname
>>>               WHERE tbl_usergroup.username = '%{User-Name}'} -> 23737418240
>>> sql_xlat
>>>        expand: %{User-Name} -> 10021
>>> sql_set_user escaped user --> '10021'
>>>        expand: SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
>>>               WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
>>> AND YEAR(acctstoptime) = YEAR(NOW())
>>>               -> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM
>>> tbl_acct WHERE UserName='10021'
>>>               AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())
>>> rlm_sql (sql): Reserving sql socket id: 3
>>> sql_xlat finished
>>> rlm_sql (sql): Released sql socket id: 3
>>>        expand: %{sql:SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
>>> WHERE UserName='%{User-Name}'
>>>               AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) =
>>> YEAR(NOW())} -> 21093361889
>>> ? Evaluating ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck
>>> JOIN tbl_usergroup on tbl_groupcheck.groupname =
>>> tbl_usergroup.groupname
>>>                       WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>                       FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime)
>>> = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}") -> FALSE
>>> ++? if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
>>> tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>                       WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>                       FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime)
>>> = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}") -> FALSE
>>> ++[exec] returns noop
>>> Sending Access-Accept of id 55 to xxx.xx.xx.xx port 60642
>>>        Framed-Protocol := PPP
>>>        Framed-Compression := Van-Jacobson-TCP-IP
>>>        Framed-MTU := 1472
>>>        Idle-Timeout := 300
>>>        Reply-Message := "Welcome to Internet Services"
>>>        Mikrotik-Rate-Limit := "512K/2048K 512K/2048K 512K/2048K 180/180 8"
>>>        Framed-Netmask := 255.255.255.0
>>>        Session-Timeout = 2068091
>>> Finished request 2.
>>> Going to the next request
>>> Waking up in 4.9 seconds.
>>> rad_recv: Accounting-Request packet from host xxx.xx.xx.xx port 40276,
>>> id=56, length=154
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        NAS-Port = 60
>>>        NAS-Port-Type = Ethernet
>>>        User-Name = "10021"
>>>        Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>>        Called-Station-Id = "iBroadNet Internet"
>>>        NAS-Port-Id = "LAN"
>>>        Acct-Session-Id = "81800038"
>>>        Framed-IP-Address = 172.16.11.250
>>>        Acct-Authentic = RADIUS
>>>        Event-Timestamp = "Aug  8 2011 01:31:47 IST"
>>>        Acct-Status-Type = Start
>>>        NAS-Identifier = "NTL.xxxxx"
>>>        NAS-IP-Address = xxx.xx.xx.xx
>>>        Acct-Delay-Time = 0
>>> # Executing section preacct from file /etc/freeradius/sites-enabled/default
>>> +- entering group preacct {...}
>>> ++[preprocess] returns ok
>>> [acct_unique] Hashing 'NAS-Port = 60,Client-IP-Address =
>>> xxx.xx.xx.xx,NAS-IP-Address = xxx.xx.xx.xx,Acct-Session-Id =
>>> "81800038",User-Name = "10021"'
>>> [acct_unique] Acct-Unique-Session-ID = "840514b78a2e0def".
>>> ++[acct_unique] returns ok
>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>> [suffix] No such realm "NULL"
>>> ++[suffix] returns noop
>>> ++[files] returns noop
>>> # Executing section accounting from file /etc/freeradius/sites-enabled/default
>>> +- entering group accounting {...}
>>> [detail]        expand:
>>> /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
>>> /var/log/freeradius/radacct/xxx.xx.xx.xx/detail-20110808
>>> [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
>>> expands to /var/log/freeradius/radacct/xxx.xx.xx.xx/detail-20110808
>>> [detail]        expand: %t -> Mon Aug  8 01:31:49 2011
>>> ++[detail] returns ok
>>> ++[unix] returns ok
>>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>>> /var/log/freeradius/radutmp
>>> [radutmp]       expand: %{User-Name} -> 10021
>>> ++[radutmp] returns ok
>>> [sql]   expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> [sql]   expand: %{Acct-Delay-Time} -> 0
>>> [sql]   expand:            INSERT INTO tbl_acct
>>> (acctsessionid,    acctuniqueid,     username,              realm,
>>>       nasipaddress,     nasportid,              nasporttype,
>>> acctstarttime,    acctstoptime,              acctsessiontime,
>>> acctauthentic,    connectinfo_start,              connectinfo_stop,
>>> acctinputoctets,  acctoutputoctets,              calledstationid,
>>> callingstationid, acctterminatecause,              servicetype,
>>> framedprotocol,   framedipaddress,              acctstartdelay,
>>> acctstopdelay,    xascendsessionsvrkey)           VALUES
>>> ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
>>> '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
>>> '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
>>>  '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0',
>>> '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
>>>             '%{Service-Type}', '%{Framed-Protocol}',
>>> '%{Framed-IP-Address}',
>>> rlm_sql (sql): Reserving sql socket id: 2
>>> rlm_sql (sql): Released sql socket id: 2
>>> ++[sql] returns ok
>>> ++[exec] returns noop
>>> [attr_filter.accounting_response]       expand: %{User-Name} -> 10021
>>> attr_filter: Matched entry DEFAULT at line 12
>>> ++[attr_filter.accounting_response] returns updated
>>> Sending Accounting-Response of id 56 to xxx.xx.xx.xx port 40276
>>> Finished request 3.
>>> Cleaning up request 3 ID 56 with timestamp +17
>>> Going to the next request
>>> Waking up in 4.8 seconds.
>>> 
>>> The condition outputs 23737418240 > 21093361889 RETURNS FALSE .
>>> 
>>> On Mon, Aug 8, 2011 at 12:51 PM, Arran Cudbard-Bell
>>> <a.cudbardb at freeradius.org> wrote:
>>>> RFC 2865:
>>>> 
>>>>      integer   32 bit unsigned value, most significant octet first.
>>>> 
>>>> FreeRADIUS is just a RADIUS server, and the temporary integer attributes are just RADIUS attributes.
>>>> 
>>>> -Arran
>>>> 
>>>> 
>>>> 
>>>> On 8 Aug 2011, at 09:11, Suman Dash wrote:
>>>> 
>>>>> I am trying to replace sqlcounter with Unland expression in Post Auth
>>>>> Section. The values are successfully called but while storing in
>>>>> Tmp-Interger those are stripped. Below are the logs .
>>>>> As you can see from the logs that Mysql returns a value of 20989570594
>>>>> But it's stored as 3557549056 for Tmp-Integer-0
>>>>> 
>>>>> The same happens to Tmp-Integer-1 due to which the expression output
>>>>> becomes FALSE instead of TRUE.
>>>>> 
>>>>> Is this the limitation of Tmp-Integer as it is an 32bit int ?
>>>>> 
>>>>> ##Post-Auth Section
>>>>> 
>>>>> sql
>>>>> update control    {
>>>>>                            Tmp-Integer-0 := "%{sql:SELECT
>>>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \
>>>>>                                                FROM tbl_acct WHERE
>>>>> UserName='%{User-Name}' \
>>>>>                                                AND
>>>>> MONTH(acctstoptime) = MONTH(NOW()) \
>>>>>                                                AND YEAR(acctstoptime)
>>>>> = YEAR(NOW())}"
>>>>>                            Tmp-Integer-1 := "%{sql:SELECT
>>>>> tbl_groupcheck.value from tbl_groupcheck \
>>>>>                                                JOIN tbl_usergroup on
>>>>> tbl_groupcheck.groupname = tbl_usergroup.groupname \
>>>>>                                                where
>>>>> tbl_usergroup.username = '%{User-Name}'}"
>>>>>                          }
>>>>>                if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") {
>>>>>                                update reply {
>>>>>                                        Mikrotik-Recv-Limit :=
>>>>> "%{control:Tmp-Integer-1}" - "%{control:Tmp-Integer-0}"
>>>>>                                             }
>>>>>                                                                             }
>>>>>                if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") {
>>>>>                                update reply {
>>>>>                                        Reply-Message := "Fair Usage
>>>>> Policy Enforced, Bandwidth Limited"
>>>>>                                        Mikrotik-Rate-Limit :=
>>>>> "128K/256K 128K/256K 128K/256K 180/180 8"
>>>>>                                             }
>>>>>                                                                              }
>>>>> ##MySQL Table
>>>>> 
>>>>> mysql> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>>> ->     FROM tbl_acct WHERE UserName='10021'
>>>>> ->     AND MONTH(acctstoptime) = MONTH(NOW())
>>>>> ->     AND YEAR(acctstoptime) = YEAR(NOW());
>>>>> 
>>>>> +------------------------------------------------------+
>>>>> | IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) |
>>>>> +------------------------------------------------------+
>>>>> |                                          20989570594 |
>>>>> +------------------------------------------------------+
>>>>> 1 row in set (0.00 sec)
>>>>> 
>>>>> mysql> SELECT tbl_groupcheck.value from tbl_groupcheck
>>>>> ->            JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>>> ->            where tbl_usergroup.username = '10021';
>>>>> 
>>>>> +-------------+
>>>>> | value       |
>>>>> +-------------+
>>>>> | 20737418240 |
>>>>> +-------------+
>>>>> 1 row in set (0.00 sec)
>>>>> 
>>>>> 
>>>>> ##RADIUS DEBUG LOG
>>>>> 
>>>>> 
>>>>> Finished request 4.
>>>>> Cleaning up request 4 ID 176 with timestamp +15
>>>>> Going to the next request
>>>>> Ready to process requests.
>>>>> rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198,
>>>>> id=236, length=132
>>>>>        Service-Type = Framed-User
>>>>>        Framed-Protocol = PPP
>>>>>        NAS-Port = 56
>>>>>        NAS-Port-Type = Ethernet
>>>>>        User-Name = "10021"
>>>>>        Calling-Station-Id = "XX:XX:XX:XX:XX:XX"
>>>>>        Called-Station-Id = "Internet"
>>>>>        NAS-Port-Id = "LAN"
>>>>>        User-Password = "10021"
>>>>>        NAS-Identifier = "XXX.XXXXXXX"
>>>>>        NAS-IP-Address = XXX.XX.XX.86
>>>>> # Executing section authorize from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group authorize {...}
>>>>> ++[preprocess] returns ok
>>>>> ++[chap] returns noop
>>>>> ++[mschap] returns noop
>>>>> ++[digest] returns noop
>>>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>>>> [suffix] No such realm "NULL"
>>>>> ++[suffix] returns noop
>>>>> [eap] No EAP-Message, not doing EAP
>>>>> ++[eap] returns noop
>>>>> [files] users: Matched entry DEFAULT at line 172
>>>>> ++[files] returns ok
>>>>> [sql]   expand: %{User-Name} -> 10021
>>>>> [sql] sql_set_user escaped user --> '10021'
>>>>> rlm_sql (sql): Reserving sql socket id: 3
>>>>> [sql]   expand: SELECT id, username, attribute, value, op
>>>>> FROM tbl_check           WHERE username = '%{SQL-User-Name}'
>>>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>>>> FROM tbl_check           WHERE username = '10021'           ORDER BY
>>>>> id
>>>>> [sql] User found in radcheck table
>>>>> [sql]   expand: SELECT id, username, attribute, value, op
>>>>> FROM tbl_reply           WHERE username = '%{SQL-User-Name}'
>>>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>>>> FROM tbl_reply           WHERE username = '10021'           ORDER BY
>>>>> id
>>>>> [sql]   expand: SELECT groupname           FROM tbl_usergroup
>>>>> WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
>>>>> SELECT groupname           FROM tbl_usergroup           WHERE username
>>>>> = '10021'           ORDER BY priority
>>>>> [sql]   expand: SELECT id, groupname, attribute,           Value, op
>>>>>        FROM tbl_groupcheck           WHERE groupname = '%{Sql-Group}'
>>>>>          ORDER BY id -> SELECT id, groupname, attribute,
>>>>> Value, op           FROM tbl_groupcheck           WHERE groupname =
>>>>> 'TEST-10G'           ORDER BY id
>>>>> [sql] User found in group TEST-10G
>>>>> [sql]   expand: SELECT id, groupname, attribute,           value, op
>>>>>        FROM tbl_groupreply           WHERE groupname = '%{Sql-Group}'
>>>>>          ORDER BY id -> SELECT id, groupname, attribute,
>>>>> value, op           FROM tbl_groupreply           WHERE groupname =
>>>>> 'TEST-10G'           ORDER BY id
>>>>> rlm_sql (sql): Released sql socket id: 3
>>>>> ++[sql] returns ok
>>>>> rlm_checkval: Item Name: Calling-Station-Id, Value: XX:XX:XX:BA:8A:3B
>>>>> rlm_checkval: Value Name: Calling-Station-Id, Value: XX:XX:XX:BA:8A:3B
>>>>> ++[checkval] returns ok
>>>>> [expiration] Checking Expiration time: '1 Sep 2011'
>>>>> ++[expiration] returns ok
>>>>> ++[logintime] returns noop
>>>>> ++[pap] returns updated
>>>>> Found Auth-Type = PAP
>>>>> # Executing group from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group PAP {...}
>>>>> [pap] login attempt with password "XXXXX"
>>>>> [pap] Using CRYPT password "XXXXXXXXXXXXXX"
>>>>> [pap] User authenticated successfully
>>>>> ++[pap] returns ok
>>>>> # Executing section session from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group session {...}
>>>>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>>>>> /var/log/freeradius/radutmp
>>>>> [radutmp]       expand: %{User-Name} -> 10021
>>>>> ++[radutmp] returns ok
>>>>> # Executing section post-auth from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group post-auth {...}
>>>>> [sql]   expand: %{User-Name} -> 10021
>>>>> [sql] sql_set_user escaped user --> '10021'
>>>>> [sql]   expand: %{User-Password} -> XXXXX
>>>>> [sql]   expand: INSERT INTO tbl_postauth
>>>>> (username, pass, reply, authdate)                           VALUES (
>>>>>                        '%{User-Name}',
>>>>> '%{%{User-Password}:-%{Chap-Password}}',
>>>>> '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth
>>>>>             (username, pass, reply, authdate)
>>>>>  VALUES (                           '10021',
>>>>> '10021',                           'Access-Accept', '2011-08-08
>>>>> 00:27:25')
>>>>> rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth
>>>>>                    (username, pass, reply, authdate)
>>>>>         VALUES (                           '10021',
>>>>>        '10021',                           'Access-Accept',
>>>>> '2011-08-08 00:27:25')
>>>>> rlm_sql (sql): Reserving sql socket id: 2
>>>>> rlm_sql (sql): Released sql socket id: 2
>>>>> ++[sql] returns ok
>>>>> sql_xlat
>>>>>        expand: %{User-Name} -> 10021
>>>>> sql_set_user escaped user --> '10021'
>>>>>        expand: SELECT
>>>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>>>               FROM tbl_acct WHERE UserName='%{User-Name}'
>>>>>               AND MONTH(acctstoptime) = MONTH(NOW())
>>>>>               AND YEAR(acctstoptime) = YEAR(NOW()) -> SELECT
>>>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>>>               FROM tbl_acct WHERE UserName='10021'
>>>>>               AND MONTH(acctstoptime) = MONTH(NOW())
>>>>>               AND YEAR(acctstoptime) = YEAR(NOW())
>>>>> rlm_sql (sql): Reserving sql socket id: 1
>>>>> sql_xlat finished
>>>>> rlm_sql (sql): Released sql socket id: 1
>>>>>        expand: %{sql:SELECT
>>>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>>>               FROM tbl_acct WHERE UserName='%{User-Name}'
>>>>>               AND MONTH(acctstoptime) = MONTH(NOW())
>>>>>               AND YEAR(acctstoptime) = YEAR(NOW())} -> 20989570594
>>>>> sql_xlat
>>>>>        expand: %{User-Name} -> 10021
>>>>> sql_set_user escaped user --> '10021'
>>>>>        expand: SELECT tbl_groupcheck.value from tbl_groupcheck
>>>>>               JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>>>               where tbl_usergroup.username = '%{User-Name}' -> SELECT
>>>>> tbl_groupcheck.value from tbl_groupcheck
>>>>>               JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>>>               where tbl_usergroup.username = '10021'
>>>>> rlm_sql (sql): Reserving sql socket id: 0
>>>>> sql_xlat finished
>>>>> rlm_sql (sql): Released sql socket id: 0
>>>>>        expand: %{sql:SELECT tbl_groupcheck.value from tbl_groupcheck
>>>>>               JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>>>               where tbl_usergroup.username = '%{User-Name}'} -> 20737418240
>>>>> ++[control] returns ok
>>>>> ++? if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}")
>>>>>        expand: %{control:Tmp-Integer-1} -> 3557549056
>>>>>        expand: %{control:Tmp-Integer-0} -> 3809701410
>>>>> ? Evaluating ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") -> FALSE
>>>>> ++? if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") -> FALSE
>>>>> ++? if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}")
>>>>>        expand: %{control:Tmp-Integer-1} -> 3557549056
>>>>>        expand: %{control:Tmp-Integer-0} -> 3809701410
>>>>> ? Evaluating ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") -> TRUE
>>>>> ++? if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") -> TRUE
>>>>> ++- entering if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") {...}
>>>>> +++[reply] returns ok
>>>>> ++- if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") returns ok
>>>>> ++[exec] returns noop
>>>>> Sending Access-Accept of id 236 to XXX.XX.XX.86 port 44198
>>>>>        Framed-Protocol = PPP
>>>>>        Framed-Compression = Van-Jacobson-TCP-IP
>>>>>        Framed-MTU = 1472
>>>>>        Idle-Timeout = 300
>>>>>        Reply-Message = "Fair Usage Policy Enforced, Bandwidth Limited"
>>>>>        Mikrotik-Rate-Limit = "128K/256K 128K/256K 128K/256K 180/180 8"
>>>>>        Framed-Netmask = 255.255.255.0
>>>>>        Session-Timeout = 2071955
>>>>> Finished request 5.
>>>>> Going to the next request
>>>>> Waking up in 4.9 seconds.
>>>>> rad_recv: Accounting-Request packet from host XXX.XX.XX.86 port 45096,
>>>>> id=237, length=154
>>>>>        Service-Type = Framed-User
>>>>>        Framed-Protocol = PPP
>>>>>        NAS-Port = 56
>>>>>        NAS-Port-Type = Ethernet
>>>>>        User-Name = "10021"
>>>>>        Calling-Station-Id = "XX:XX:XX:BA:8A:3B"
>>>>>        Called-Station-Id = " Internet"
>>>>>        NAS-Port-Id = "LAN"
>>>>>        Acct-Session-Id = "81800034"
>>>>>        Framed-IP-Address = XXX.XX.XX.250
>>>>>        Acct-Authentic = RADIUS
>>>>>        Event-Timestamp = "Aug  8 2011 00:27:23 IST"
>>>>>        Acct-Status-Type = Start
>>>>>        NAS-Identifier = "XXX.XXXXXXX"
>>>>>        NAS-IP-Address = XXX:XX:XX.86
>>>>>        Acct-Delay-Time = 0
>>>>> # Executing section preacct from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group preacct {...}
>>>>> ++[preprocess] returns ok
>>>>> [acct_unique] Hashing 'NAS-Port = 56,Client-IP-Address =
>>>>> XXX.XX.XX.86,NAS-IP-Address = XXX.XX.XX.86,Acct-Session-Id =
>>>>> "81800034",User-Name = "10021"'
>>>>> [acct_unique] Acct-Unique-Session-ID = "e99f1594c7c50876".
>>>>> ++[acct_unique] returns ok
>>>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>>>> [suffix] No such realm "NULL"
>>>>> ++[suffix] returns noop
>>>>> ++[files] returns noop
>>>>> # Executing section accounting from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group accounting {...}
>>>>> [detail]        expand:
>>>>> /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
>>>>> /var/log/freeradius/radacct/125.20.80.86/detail-20110808
>>>>> [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
>>>>> expands to /var/log/freeradius/radacct/125.20.80.86/detail-20110808
>>>>> [detail]        expand: %t -> Mon Aug  8 00:27:25 2011
>>>>> ++[detail] returns ok
>>>>> ++[unix] returns ok
>>>>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>>>>> /var/log/freeradius/radutmp
>>>>> [radutmp]       expand: %{User-Name} -> 10021
>>>>> ++[radutmp] returns ok
>>>>> [sql]   expand: %{User-Name} -> 10021
>>>>> [sql] sql_set_user escaped user --> '10021'
>>>>> [sql]   expand: %{Acct-Delay-Time} -> 0
>>>>> [sql]   expand:            INSERT INTO tbl_acct
>>>>> (acctsessionid,    acctuniqueid,     username,              realm,
>>>>>       nasipaddress,     nasportid,              nasporttype,
>>>>> acctstarttime,    acctstoptime,              acctsessiontime,
>>>>> acctauthentic,    connectinfo_start,              connectinfo_stop,
>>>>> acctinputoctets,  acctoutputoctets,              calledstationid,
>>>>> callingstationid, acctterminatecause,              servicetype,
>>>>> framedprotocol,   framedipaddress,              acctstartdelay,
>>>>> acctstopdelay,    xascendsessionsvrkey)           VALUES
>>>>> ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
>>>>> '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
>>>>> '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
>>>>>  '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0',
>>>>> '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
>>>>>             '%{Service-Type}', '%{Framed-Protocol}',
>>>>> '%{Framed-IP-Address}',
>>>>> rlm_sql (sql): Reserving sql socket id: 4
>>>>> rlm_sql (sql): Released sql socket id: 4
>>>>> ++[sql] returns ok
>>>>> ++[exec] returns noop
>>>>> [attr_filter.accounting_response]       expand: %{User-Name} -> 10021
>>>>> attr_filter: Matched entry DEFAULT at line 12
>>>>> ++[attr_filter.accounting_response] returns updated
>>>>> Sending Accounting-Response of id 237 to XXX.XX.XX.86 port 45096
>>>>> Finished request 6.
>>>>> Cleaning up request 6 ID 237 with timestamp +18
>>>>> Going to the next request
>>>>> Waking up in 4.8 seconds.
>>>>> -
>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>> 
>>>> 
>>>> Arran Cudbard-Bell
>>>> a.cudbardb at freeradius.org
>>>> 
>>>> RADIUS - Half the complexity of Diameter
>>>> 
>>>> 
>>>> -
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>> 
>>> 
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>> 
>> 
>> Arran Cudbard-Bell
>> a.cudbardb at freeradius.org
>> 
>> RADIUS - Half the complexity of Diameter
>> 
>> 
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

Arran Cudbard-Bell
a.cudbardb at freeradius.org

RADIUS - Half the complexity of Diameter





More information about the Freeradius-Users mailing list